The present invention relates in general to systems and methods for sharing content items among users, and in particular to systems and methods for controlling access to shared content items using token propagation.
The World Wide Web (Web), among many other uses, provides a platform for communities of users (e.g., friends, families, or users with some common interest) to exchange information with each other. In recent years, numerous sites have been created at which users can register as members and then sign in to post their own content and view content provided by other members. Many types of content can be shared, including photos and media files, bookmarks (links to Web pages that a user finds interesting), ratings and/or comments on Web pages or various real-world entities (restaurants, shops, movies, etc.), and so on. Virtually any content users create can, in principle, be posted to the Web and shared with others.
Some content-sharing sites provide discrete communities that a user chooses to join. Each community is usually defined around some relationship (e.g., family members) or common interest (e.g., a hobby or career). After joining, the user can post content to a “shared library” that is available to all members of the community. Depending on the site, all members can browse and/or search the library of shared content.
Sites organized in this manner have certain limitations. For instance, the typical user has many interests and social connections, and a given content item might be of interest to multiple communities. At a community-based site, the user would need to post the content in multiple places to make it visible to multiple communities. In addition, users of such sites tend to post only content that they are willing to share with all members of a community.
Another type of content-sharing site is based on a social network (or trust network) model of user relationships. In the social network model, discrete communities are not identified. Instead, each user who joins the network identifies one or more other users as trusted users (sometimes referred to as “friends”); trust relationships can be unidirectional or bidirectional. The social network is built up by defining links from a user to his friends, from his friends to their friends, and so on. Like other content sharing sites, members of a social network site can access a browsable and/or searchable shared library of content.
From the user's perspective, the social network model simplifies the task of sharing content. After identifying his friends, a user can post content to the sharing site, and the content becomes accessible to the users he trusts, and often to the users they trust. However, the posting user generally does not know who (apart from his friends) is a member of the network, and this fact may make users reluctant to post content that they do not want made public.
To encourage more content sharing in such systems, effective access control is needed. Ideally, a posting user would be able to specify a visibility rule for each content item he posts, thereby controlling how broadly the item is to be shared (e.g., with friends only, with friends of friends, with friends of friends of friends, etc.). During browsing and/or searching of the shared library, a querying user would see a content item only if she is within its visibility rule.
Implementing this model presents several difficulties. First, a server system that provides access to the shared library must determine the visibility rule for a given content item on demand. Then the server system must determine whether a querying user qualifies for access under the applicable rule. The latter determination is further complicated because of the way relationships are typically represented in social network databases. Specifically, if a first user trusts a second user, the trust relationship is reflected in the first user's record in the database but not in the second user's record. If the second user trusts a third user, the second user's record shows that relationship, but the third user's record does not show a relationship to either the second or first users. Thus, when the third user submits a query, it is not immediately apparent from the posted content item or the third user's database record that she should have access to content items posted by the first user with a visibility rule that includes “friends of friends” or even that she should have access to content items posted by the second user with a visibility rule that includes “friends.” While these facts can be determined, making such determinations takes time, slowing the overall server response. And as the social network expands, the response time to users' requests for information from the library increases.
One solution is to provide an access control list for each content item, listing the users who have access to that item. However, every time a relationship in the network changes, the access control lists must be updated; given a large enough number of documents, this procedure becomes prohibitive.
It would therefore be desirable to provide access control systems and methods usable in a social network environment to efficiently determine which content items should be made accessible to a given user.